Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1654
Last Modified 07 Mar 2011 10:07:25
Published 02 Apr 2008 02:44:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1654

Summary

An interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.

Vulnerable Systems

Application

  • Adobe Flash Player


References

CERT - TA08-100A

CERT-VN - VU#347812

CERT - TA08-150A

XF - adobe-flash-navigatetourl-csrf(41718)

VUPEN - ADV-2008-1724

VUPEN - ADV-2008-1697

SECTRACK - 1019807

BID - 28696

REDHAT - RHSA-2008:0221

MISC - http://www.gnucitizen.org/blog/hacking-the-interwebs/

GENTOO - GLSA-200804-21

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-11.html

SECUNIA - 29763

FULLDISC - 20080113 Hacking The Interwebs

SUSE - SUSE-SA:2008:022

SUNALERT - 238305

SECUNIA - 30507

SECUNIA - 30430

SECUNIA - 29865

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update

Adobe APSB08-11 Flash Player 9.0.r124 for IE (Upgrade) (All Languages)

Adobe Flash Player 9.0.124 for Mac OS X (PPC)

Adobe Flash Player 9.0.124 for Mac OS X (Universal)

Adobe APSB08-11 Flash Player 9.0.r124 for Netscape (Upgrade) (All Languages)


Last Updated: 27 May 2016 10:47:37